allow-query for a zone
Warren Kumari
warren at kumari.net
Tue Jan 17 18:46:40 UTC 2012
On Jan 17, 2012, at 3:44 AM, Matus UHLAR - fantomas wrote:
>>> Whether you set allow-query to none, or remove the zone statement,
>>> clients will get an error when they try to query the zone.
>
> On 17.01.12 14:13, Jeff Peng wrote:
>> There is a difference when you develop a web interface for DNS system.
>> A user can "pause" the domain from web interface, if we remove the zone and records from BIND files, how will we do if user choose to enable the domain?
>
> simply: instead of adding "allow-notify {none;};" when user pauses a zone, you remove whole zone definition from the config file.
Or simply comment out the zone definition:
// example.com -- Zone stanza generated by WebUI
zone "example.com" {
    type master;
    file "/etc/namedb/example.com";
};
> When user unpauses, you will re-add the zone to bind config
// example.com -- Zone stanza generated by WebUI - paused.
//REMOVE_TO_UNPAUSE// zone "example.com" {
//REMOVE_TO_UNPAUSE//     type master;
//REMOVE_TO_UNPAUSE//     file "/etc/namedb/example.com";
//REMOVE_TO_UNPAUSE// };
>
>> But with allow-query none, only adding a statement we can "pause" the domain for querying, but can re-enable it by removing this statement later.
>
> The zone can stay on disk, in database etc, even when "paused".
>
> You still need to edit the config file, so there's not big difference.
>
> There's one Barry mentioned: With allow-query_none anyone who queries will get REFUSED, when you remove the zone definition they'll get SERVFAIL or maybe NXDOMAIN
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Depression is merely anger without enthusiasm.
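The comment-marker approach from this thread, as an added sketch that is not code from any of the posters: a WebUI backend could pause and unpause one zone by prefixing or stripping the `//REMOVE_TO_UNPAUSE// ` marker on exactly that zone's stanza. The names `pause_zone`, `unpause_zone` and `SAMPLE` are hypothetical, the sample config is constructed, and the code assumes generated stanzas contain no braces inside strings or comments.

```python
import re

MARKER = "//REMOVE_TO_UNPAUSE// "  # comment prefix taken from the message above

# Constructed sample config: two zones, as a WebUI might generate them.
SAMPLE = '''// example.com -- Zone stanza generated by WebUI
zone "example.com" {
    type master;
    file "/etc/namedb/example.com";
};
zone "example.net" {
    type master;
    file "/etc/namedb/example.net";
};
'''

def _find(lines, zone, paused):
    """Return (first, last) line indexes of the zone's stanza, or None."""
    prefix = re.escape(MARKER) if paused else ""
    head = re.compile(r'^' + prefix + r'\s*zone\s+"' + re.escape(zone) + r'"', re.I)
    for i, line in enumerate(lines):
        if not head.match(line):
            continue
        depth = 0
        for j in range(i, len(lines)):
            # Assumption: no braces inside strings/comments in generated stanzas.
            depth += lines[j].count("{") - lines[j].count("}")
            if depth == 0 and "}" in lines[j]:
                return i, j
        raise ValueError(f"unterminated stanza for {zone}")
    return None

def _toggle(conf, zone, pause):
    lines = conf.splitlines()
    span = _find(lines, zone, paused=not pause)
    if span is None:
        if _find(lines, zone, paused=pause):
            return conf  # already in the requested state: idempotent
        raise KeyError(zone)
    for k in range(span[0], span[1] + 1):
        if pause:
            lines[k] = MARKER + lines[k]
        elif lines[k].startswith(MARKER):
            lines[k] = lines[k][len(MARKER):]
        else:
            raise ValueError(f"line {k + 1} in paused stanza lacks the marker")
    return "\n".join(lines) + "\n"

def pause_zone(conf, zone):
    return _toggle(conf, zone, pause=True)

def unpause_zone(conf, zone):
    return _toggle(conf, zone, pause=False)
```

After rewriting the file, check it with `named-checkconf` and apply it with `rndc reconfig`.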